
2008 DNS forwarder timeout


  • 2008 DNS forwarder timeout

    I have a strange issue with my rig at home.

    Setup:

    2008 DC (with DNS, DHCP and Virtual Server)
    2003 VMs for Exchange, SQL, MOSS etc.

    The 2008 DC resolves quickly and accurately for zones it is authoritative for (all zones AD integrated, zones include the AD DNS and a few others in split brain for local name resolution). The DNS config is set to forward to my ISP's DNS for all non-local zones.
    When querying (either through a browser or nslookup) the DNS server for non-local names (e.g. www.google.co.uk) it resolves quickly sometimes, other times I get a couple of timeouts and then the non-auth response, others just time out.

    I installed DNS on one of the 2003 VMs and configured it as caching only (forwarding to ISP DNS, same IPs as used above), querying this server always returns results quickly.

    Pointing the ISA server at the 2003 DNS has solved the timeouts when surfing.

    I have then set the 2008 DC to forward to the 2003 DNS server (rather than ISP) and this exhibits the same behaviour as if it was forwarding to the ISP (i.e. timeouts for no apparent reason).

    This, to me, has ruled out everything except the 2008 DNS (i.e. not ISP or firewall issue).

    I have removed and re-installed the DNS role on the 2008 DC and still get the same behaviour...

    What am I missing??????

    TIA!

  • #2
    Re: 2008 DNS forwarder timeout

    How/what configuration method did you use to forward all external references to your ISP?



    • #3
      Re: 2008 DNS forwarder timeout

      I had an issue where a 2008 wouldn't resolve google. A DNS service restart fixed that for me.
      Please remember to leave positive reputation points (The Ying Yang Icon) if someone helps you.



      • #4
        Re: 2008 DNS forwarder timeout

        I have my ISP's DNS servers (as listed here: http://www.demon.net/helpdesk/techni.../misc/numbers/) set as forwarders, "use root hints if no forwarder available" is enabled.

        The firewall rule is:

        From: <IP of DC>
        To: ANY
        Port: 53
        Protocol: Both TCP and UDP



        • #5
          Re: 2008 DNS forwarder timeout

          If you disable the firewall on this 2008 server does it work ok then?


          • #6
            Re: 2008 DNS forwarder timeout

            Thanks for the replies mate, Windows Firewall disabled already...

            I can connect to my ISP DNS using nslookup from the DC (tried a few other DNS servers successfully too).



            • #7
              Re: 2008 DNS forwarder timeout

              Originally posted by mattgroves
              From: <IP of DC>
              To: ANY
              Port: 53
              Protocol: Both TCP and UDP
              What's this mentioned for then?

              Anyway. Did you try restarting the DNS service?
              If you use the DNS on the Windows 2003 server on the Windows 2008 server (if you get what I mean o_0) do requests work quicker?


              • #8
                Re: 2008 DNS forwarder timeout

                The firewall rule is from the perimeter firewall.

                Have restarted DNS, and rebooted, a few times.

                Can I check I'm following you... Set the 2008 DC NIC to use the 2003 DNS VM, leaving the DNS (role) properties as they are (?)



                • #9
                  Re: 2008 DNS forwarder timeout

                  Yes, use the IP of the 2003 DNS Server on the Windows 2008 NIC.


                  • #10
                    Re: 2008 DNS forwarder timeout

                    I had this same problem on 2008 servers until a month or two ago when Microsoft patched the DNS port randomization problem that affected most all DNS servers. This seemed to solve it for me.
                    CORRECTION: As I'm writing this I tested a client's 2008 Server that has the DNS port update and they still have the timeout.
                    Example:
                    > toyota.fr
                    Server: UnKnown
                    Address: ::1
                    DNS request timed out.
                    timeout was 2 seconds.
                    *** Request to UnKnown timed-out

                    or

                    > motospeed.se
                    Server: UnKnown
                    Address: ::1
                    DNS request timed out.
                    timeout was 2 seconds.
                    DNS request timed out.
                    timeout was 2 seconds.
                    *** Request to UnKnown timed-out

                    After the timeout the DNS resolves correctly.

                    -MacGyver



                    • #11
                      Re: 2008 DNS forwarder timeout

                      I haven't read all the thread so apologies if this is completely irrelevant.
                      Some firewalls have strict RFC policies. The PIX for example had a fixup command for DNS that forced 512b size for DNS. eDNS broke this.

                      http://technet.microsoft.com/en-us/l.../cc787130.aspx

                      Anything like that involved with 2008?
                      cheers
                      Andy



                      Quis custodiet ipsos custodes?
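
An added example, not part of the thread or any poster's code: one way to test the idea raised in post #11, by sending the same query over UDP with and without an EDNS0 OPT record and comparing the outcomes. The function names, the transaction ID and the 4096-byte advertised size are assumptions chosen for illustration.

```python
import socket
import struct

LEGACY_UDP_LIMIT = 512   # classic DNS-over-UDP message ceiling (RFC 1035)
EDNS_TYPE_OPT = 41       # OPT pseudo-record type (RFC 6891)

def build_query(name, qtype=1, edns_payload=None, txid=0x1234):
    """Build a DNS query; with edns_payload set, append an EDNS0 OPT record."""
    arcount = 1 if edns_payload else 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # RD=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # class IN
    opt = b""
    if edns_payload:
        # OPT RR: root name, TYPE=41, CLASS=advertised UDP size, TTL=0, RDLEN=0
        opt = b"\x00" + struct.pack("!HHIH", EDNS_TYPE_OPT, edns_payload, 0, 0)
    return header + question + opt

def probe(server, name, edns_payload=None, timeout=2.0):
    """Send one UDP query; return (status, response_size, truncated_flag)."""
    query = build_query(name, edns_payload=edns_payload)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, 53))
            data, _ = s.recvfrom(65535)
        except socket.timeout:
            return ("timeout", 0, False)
    if len(data) < 12:
        return ("malformed", len(data), False)
    flags = struct.unpack("!H", data[2:4])[0]
    return ("ok", len(data), bool(flags & 0x0200))  # 0x0200 = TC bit

def diagnose(plain, edns):
    """Compare a plain probe result with an EDNS probe result for the same name."""
    if plain[0] == "ok" and edns[0] == "timeout":
        return "EDNS query or its large reply is being dropped on the path"
    if edns[0] == "ok" and edns[1] > LEGACY_UDP_LIMIT:
        return "replies over 512 bytes pass; path is EDNS-clean"
    if plain[0] == "timeout" and edns[0] == "timeout":
        return "no answer either way; not EDNS-specific"
    return "inconclusive; retry with a name that yields a large answer"
```

Run `probe()` from the DNS server against each forwarder address, once with `edns_payload=None` and once with `edns_payload=4096`, and pass both tuples to `diagnose()`; repeat for a few names, since only answers larger than 512 bytes exercise the limit.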



                      • #12
                        Re: 2008 DNS forwarder timeout

                        Try turning off IPv6 which is on by default for 2008. My 2008 boxes have a random bad habit of going over IPv6 for some services causing problems.
